Version 1.3 - April 23, 2026
This document (“Policy”) lays out the conditions under which personal data is collected as part of the clotho.ai website (“Website”). It explains the purpose and nature of the personal data collected; how personal data is collected and processed; and how you may access, monitor, and delete your personal data.
The data controller for the purposes of this Policy is Clotho AI (“we”, “us”, “our”), registered as a SASU in France (RCS Versailles, n°838 766 269), with registered office at 3, rue du Comte d’Orsay 78240 Chambourcy, France.
This Policy is bound by the General Data Protection Regulation (Regulation 2016/679 of the European Parliament dated April, 27th 2016) (“GDPR”), the French Data Protection Act (Loi n°78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés).
The collection of personal data is necessary in order for us to provide the Services. We collect the minimal amount of personal data required to do so, and the purpose for which your data is used and collected will not change.
The processing of this data is necessary for the performance of the contract between you and Clotho AI.
Upon the creation of your account, it is necessary for you to provide login credentials of your choice, namely email address and password, Google account ID, or other third party account ID used to log in.
In order to secure your account and prevent unauthorized access, your device’s location and fingerprint (unique identifier compiled using your device’s characteristics and settings) are also automatically collected when accessing and using the Services.
In addition, browsing data is automatically collected when using the Services in order to monitor the Services and anticipate and troubleshoot problems, issues, and bugs. This processing is based on Clotho AI’s legitimate interest in maintaining and improving the Services.
This processing is based on your consent, which you may withdraw at any time.
You may specify your affiliation with an institution in order to access advanced functionalities of the Services which are paid for by your institution.
You may fill out your name (first name, last name, middle name) and professional information such as your role and level of experience for onboarding, customer support, and identification by other users of the Services, which may be desirable or even mandatory for proficiency testing, participant recruitment, or collaboration purposes.
This processing is necessary for the performance of the contract between you and Clotho AI.
If you wish to access paid features, you must provide your or your institution’s billing information, including address and information pertaining to your credit card and/or your preferred payment method.
This processing is based on your consent, which you may withdraw at any time.
For proficiency testing and annotation purposes, you may provide answers to a proficiency test, answers to theoretical questions, forensic annotations, and forensic assessments.
This processing is based on your explicit consent, which you may withdraw at any time.
If you wish to participate in a project involving data collection, you must provide data whose specific nature depends on the requirements of the project to which you intend to participate. Such data can be broken down into two categories:
You will not be compensated for inputting participant information or for participating in a data collection as part of the Services. Your participant data will be used solely for Education, Research, and Development (“ER&D”) purposes in forensic science. Your participant data will not be used for criminal investigation or prosecution purposes.
Our Services use only strictly necessary cookies, which are required to maintain your session and provide secure access to the Website. No consent is required for these cookies as their use is necessary for the performance of the contract between you and Clotho AI. If you disable cookies in your browser, you may not be able to access or use the Services.
Forensic data collectors are authorized registered users who design and run data collections on the platform. They have access to anonymized participant data from their own collections and from other collections whose researchers have explicitly permitted it. Such access requires an appropriate user profile and is subject to the visibility settings of each data collection.
Both Clotho AI and forensic data collectors may only use participant data for ER&D purposes in forensic science under the limitations specified by our Terms of Use.
We use the following third-party service providers to deliver the Services. No participant, proficiency, or annotation data is shared with any of these providers.
| Provider | Purpose | Role | Location |
|---|---|---|---|
| Google LLC | Authentication | Independent controller | USA |
| PostHog, Inc. | Website analytics, session recording & client-side error monitoring | Data processor | Germany |
| Rollbar, Inc. | Server-side error monitoring | Data processor | USA |
| Stripe, Inc. | Payment processing | Data processor | USA |
| Twilio Inc. (SendGrid) | Transactional email | Data processor | USA |
Data processors act solely on our behalf and under our instructions, pursuant to a data processing agreement.
Independent controllers are only involved when you choose to use their authentication service (e.g. Sign in with Google), in which case your data is also processed under their own privacy policy.
For all providers located outside the European Economic Area, Clotho AI ensures that appropriate safeguards are in place for the transfer of your personal data, specifically Standard Contractual Clauses approved by the European Commission and certification under the EU-US Data Privacy Framework.
Upon closure of your account, the personal data shared with these providers will be deleted with the same provisions as the data stored by us.
In the event of a merger, acquisition, or sale of all or part of Clotho AI’s assets, your personal data may be transferred to the acquiring entity. In such cases, Clotho AI will ensure that the acquirer is bound by this Policy or provides equivalent protections. Participant, proficiency, and annotation data will only be transferred to an acquirer who agrees to restrict its use to ER&D purposes. You will be notified of any such transfer and of any material changes to how your personal data is processed as a result, and you will have the opportunity to exercise your rights prior to the transfer taking effect.
You have the following rights regarding your personal data:
To exercise your rights or submit a complaint, you may contact us at contact@clotho.ai.
You also have the right to lodge a complaint with the French data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), if you believe your personal data has been processed in violation of applicable law.
As a participant or prospective participant in a data collection, you may request additional information from the researchers involved about their research project and your involvement as a participant both before, during, and after the data collection.
Participating in a data collection is entirely voluntary. You may withdraw your consent at any time and without providing a justification. You may therefore:
The management of your consent can be done using the Services and without the need for personal interaction.
The provision of personal data is necessary for us to provide the Services. If you choose not to provide the personal data associated with a given feature or with the Services as a whole, you will not be able to access it.
Your personal data is stored for only as long as is necessary for the purposes of the Services. For this reason, your personal data is only stored until you delete it, withdraw your consent, or close your account. Upon the closure of your account, all your personal data will be deleted immediately, except where retention is required by applicable law.
By way of exception, billing and payment data is retained for 10 years following the relevant transaction, as required by French commercial law (Code de commerce, Art. L123-22). During this retention period, this data will be used solely for accounting and legal compliance purposes.
Clotho AI implements appropriate technical and organisational measures to protect your personal data against unauthorized access, loss, or disclosure. These measures include:
In the event of a personal data breach, Clotho AI will notify the relevant supervisory authority and, where required, the affected data subjects, in accordance with applicable law.